What Is SEC 17a-4?
Established as part of the Securities Exchange Act of 1934, SEC 17a-4 defines a set of records preservation and retention requirements for registered broker-dealers. SEC 17a-4 itself became part of the law in 1997, and in recent years, enforcement of this rule—along with the consequences for violating it—have increased significantly.
As recently as 2022, the SEC fined 16 Wall Street firms with more than $1.1 billion for widespread recordkeeping failures.
Outlined in this 14-page PDF released by the SEC, the implications of 17a-4 can mean a lot for your business and its bottom line. Read below to see how you can step up to the challenges presented by each section of 17a-4, saving your organization time, money and staff resources:
Retention Periods – Rule 17a-4 (a), (b), (c), (d)
This section of the rule outlines records retention requirements for today’s broker-dealers. It requires that firms retain most of their records for 3-6 years, whether they’re hard-copy documents or electronically stored information (ESI) such as emails.
To meet these requirements, most organizations need a way to classify and track records throughout their lifecycle, from the date they’re created, through their time in use, their retention period and eventually final disposition or archival. They’ll also need a solution that is able to put all these documents in the right place.
This is where document and records management tools come in. A document management system can help you gain control over all the different types of information you need to keep track of and even capture your paper documents for storage in a digital format. Many records management solutions offer the ability to monitor record lifecycles and notify you when records need to move from one stage to the next. In addition, advanced records management systems allow you to define retention schedules and policies at the folder level, saving records managers from having to store or move records through their lifecycles one at a time.
Audit Trail OR Write-Once-Read-Many (WORM) – Rule 17a-4(f)(2)(ii)(A)
Audit Trail
SEC recently made its first changes to Rule 17a-4 in 2022. The most significant change is allowing broker-dealers to adopt an electronic recordkeeping system that meets either the audit trail requirement OR the WORM requirement. It should provide a complete time-stamped audit trail to preserve electronic records in a manner that permits the recreation of an original record if it is altered, overwritten or erased; defined terms extracted from the final rule include:
- All modifications to and deletions of a record or any part thereof
- The date and time of actions that create, modify or delete the record
- If applicable, the identity of the individual(s) who created, modified or deleted the record
- Any other information needed to maintain an audit trail of each distinct record to ensure the authenticity and reliability of the record will permit the re-creation of the original record and interim iterations of the record
The audit trail requirement particularly applies to final records required pursuant to the rules, in lieu of drafts or iterations of records that would not otherwise be required to be maintained and preserved under Rule 17a-3 and 17a-4 or Rules 18a-5 and 18a-6. Moreover, the electronic recordkeeping system used by the firms must automatically verify the completeness and accuracy of its processes for storing and retaining records electronically.
WORM-compliant
WORM-format has been a long-time exclusive requirement for broker-dealers to preserve record in a non-rewritable, non-erasable format. This means that once a firm finish using a record and is ready to put it into retention, they must retain the record in a format where it cannot be changed, moved or deleted.
The best part of using records management software to assist with this is that you can support record content integrity even before the record enters retention. Even when actively working with files, a good records management solution can set up read-only restrictions for particular records, which can assist in preventing their modification, relocation, and deletion. Read this blog post to learn more how to create a WORM environment with cloud and SaaS solutions to support compliance.
Quality and Accuracy of Recording Process – Rule 17a-4(f)(2)(ii)(B)
In addition to the setting standards for records themselves, SEC Rule 17a-4 also requires that broker-dealers “verify automatically the quality and accuracy of the records process.” This means that you must preserve data integrity and quality for examination by auditors. The right records management solution would have the tools necessary to keep logs of these processes and catch input or output errors. To preserve business continuity—in case of disaster recovery or otherwise—some solutions even automate the process of data replication and creating backups. Most importantly, the best solutions detect file corruption, degradation of records and file tampering, which gives you peace of mind that you’re presenting auditors with up-to-date, valid and accessible information.
Serialized Original and Duplicates – Rule 17a-4(f)(2)(ii)(C)
SEC 17a-4 further requests that broker-dealers serialize their electronic recordkeeping system and time-date this media for its required retention period. This makes it easy for auditors to identify records and establish a timeline for each record as it goes through its lifecycle.
To assist broker-dealers in fulfilling this request, the right records management solution can make records easy to identify and place chronologically. Many of them assign unique numeric entry IDs to each record, and then store the record’s entry date and last modified date in the system. Some records management solutions even allow you to locate records by their assigned entry ID, their creation date, or any retention policies that may pertain to them. This search-ability makes it easy to generate reports that auditors can review.
Downloading Indexes and Records – Rule 17a-4(f)(2)(ii)(D)
To comply with SEC 17a-4, a firm’s electronic recordkeeping system must “have the capacity to readily download and transfer copies of a record and its audit trail (if applicable) in a human readable format and in a reasonable usable electronic format, as required by the staffs of the Commission and other relevant securities regulators” under Rule 17a-4(f). This means that the records management solution you choose needs to make its records downloadable in an accessible format.
A robust records management solution will allow you to download files in a variety of formats, from TIFF to PDF, or in its original, unedited format. Those that are a step above may even permit the download of multiple records in an archive file format such as a ZIP file. These download format options give auditors flexibility in how they view records, which minimizes the risk of having format readability issues that could delay the audit process.
Easily Readable – Rule 17a-4(f)(3)(i)
Further emphasizing the need for auditors to be able to read from your records, 17a-4 states that firms “at all times have available, for examination by the staffs of the Commission and self-regulatory organizations of which it is a member, for immediate production of records preserved by means of the electronic recordkeeping system and for producing copies of those records.” Similar to how 17a-4 (f)(3)(i) establishes format readability, this part of the rule focuses on the need for firms to give auditors the proper mediums to review records.
An accessible records management solution will give auditors choices on how to view your records, whether it’s from a desktop, web-based or mobile application. Others will go a step further and include built-in document viewers and the ability for authorized users to export documents, giving auditors even more options.
Facsimile Enlargement – Rule 17a-4(f)(3)(ii)
This section declares that a broker-dealer must “be ready at all times to immediately address the production of records” that may be requested by the governing authorities. This statement takes the issue of readability in a direct way—it demands that broker dealers not only make files accessible, but also ensure that auditors can physically read the files with ease.
Records management software can offer zoom functionality to assist in meeting these demands, and even support record printing for more scrutinizing review.
Separate Duplicate Copies – Rule 17a-4(f)(3)(iii)
According to amended SEC Rule 17a-4, broker-dealers must use “either a backup recordkeeping system or other redundancy capabilities”.
This requirement requires firms to preserve a second set of records that can be accessed and examined if the primary electronic recordkeeping system storing the primary set of records is disrupted, malfunctions or otherwise becomes inaccessible. Other redundancy capabilities, for example, creating two copies on an optical disk, using a different server or group of servers to store a duplicate set of records. A proper records management solution can assist you in efforts to both preserve business continuity and meet compliance requirements by replicating contents across multiple geographic locations and monitoring data storage for durability.
Organize and Index Original and Duplicate Records – Rule 17a-4(f)(3)(iv)
Under 17a-4, firms are required to “organize and index accurately all information maintained on both original and any duplicate system and maintain information necessary to locate records maintained within the system.” This means that as a broker-dealer, you need to have information searchable and easy to locate.
Most records management software solutions allow you to search records by keywords or an ID number, and index scanned documents using optical character recognition (OCR). The best solutions even allow you to share links to records securely in custom-made reports. These features can give auditors a quick reference of records presented to them, with the added ability to search for records if necessary.
Audit System – Rule 17a-4(f)(3)(v)
This section requests that broker-dealers “must have in place an audit system providing for accountability regarding inputting of records required to be maintained and preserved and must at all times be able to have the results of the audit system available for examination”. Simply put, broker-dealers need an audit trail that keeps track of changes made to records and other activities taking place where records are stored.
Records management software can offer extensive auditing capabilities to track system activity. Some solutions even allow you to view, filter and sort audit information and export it in the form of convenient reports. In addition, the right records management software would attempt to keep track of what has happened to a record, even after it has entered disposition or finished its lifecycle.
Access to Records by Regulators – Rule 17a-4(f)(3)(vi)
According to SEC Rule 17a-4, upon request, a broker-dealer must provide prompt access to records and indexes stored on electronic recordkeeping system. This means that even if you stop using a records management solution for any reason, the SEC may still ask you for the records stored on the associated system.
Still, the best software vendors out there will offer to keep your data after you stop using their services, at least for a short time. This can give you the peace of mind that you’ll be able to present information to auditors when they request it.
A Comprehensive Package
With the right records management solution, you can make meeting the compliance challenges presented by SEC Rule 17a-4 a breeze. However, to achieve the best results, you need to choose the right records management software that fits your needs and the requirements set by auditors.
To learn more about which software features you can use to simplify Rule 17a-4 compliance, watch this webinar conducted by Laserfiche and WealthManagement.com, which contains valuable information and insights on how you can leverage the Laserfiche Records Management solution to support your organization’s needs.